-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Patch 0001: We weren't checking that the asprintf was successfully allocating memory. I converted it to talloc_asprintf() for uniformity as well.
Patch 0002: If grouplist was a zero-length array, we would return ret unitialized. Patch 0003: If we jumped to the end before the for-loop, it was possible that we would return an unitialized value of count. It's unlikely that we would ever trust this value, but this patch eliminates the compiler warning. Patch 0004: If we fell into the default case of the switch statement, we would attempt to talloc_free() a random memory location. This patch guarantees that sdp_req is NULL if it has not been initialized. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAksefmsACgkQeiVVYja6o6OX2ACffgVI2msGTgnSwAmHIo4/uwyj T+EAoKRMMclIykrOEPYfDACQCuAEFtww =pLsZ -----END PGP SIGNATURE-----
From 7422dabf2868a5537c3290b774dbb93f1b379302 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Tue, 8 Dec 2009 10:58:01 -0500
Subject: [PATCH 1/4] Add allocation error check
---
server/util/server.c | 17 ++++++++++-------
1 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/server/util/server.c b/server/util/server.c
index 3a84c70..977deae 100644
--- a/server/util/server.c
+++ b/server/util/server.c
@@ -111,7 +111,10 @@ int pidfile(const char *path, const char *name)
int fd;
int ret, err;
- asprintf(&file, "%s/%s.pid", path, name);
+ file = talloc_asprintf(NULL, "%s/%s.pid", path, name);
+ if (!file) {
+ return ENOMEM;
+ }
fd = open(file, O_RDONLY, 0644);
err = errno;
@@ -129,25 +132,25 @@ int pidfile(const char *path, const char *name)
/* succeeded in signaling the process -> another sssd process */
if (ret == 0) {
close(fd);
- free(file);
+ talloc_free(file);
return EEXIST;
}
if (ret != 0 && errno != ESRCH) {
err = errno;
close(fd);
- free(file);
+ talloc_free(file);
return err;
}
}
}
- /* notihng in the file or no process */
+ /* nothing in the file or no process */
close(fd);
unlink(file);
} else {
if (err != ENOENT) {
- free(file);
+ talloc_free(file);
return err;
}
}
@@ -155,10 +158,10 @@ int pidfile(const char *path, const char *name)
fd = open(file, O_CREAT | O_WRONLY | O_EXCL, 0644);
err = errno;
if (fd == -1) {
- free(file);
+ talloc_free(file);
return err;
}
- free(file);
+ talloc_free(file);
memset(pid_str, 0, sizeof(pid_str));
snprintf(pid_str, sizeof(pid_str) -1, "%u\n", (unsigned int) getpid());
--
1.6.5.2
From a5dca6d26dd7ca8cd6b2c16b480fb13d790d1ade Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Tue, 8 Dec 2009 11:10:52 -0500
Subject: [PATCH 2/4] Avoid returning uninitialized result.
If grouplist was a zero-length array, we would return ret
unitialized.
---
server/tools/tools_util.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/server/tools/tools_util.c b/server/tools/tools_util.c
index b509ccb..9794523 100644
--- a/server/tools/tools_util.c
+++ b/server/tools/tools_util.c
@@ -207,6 +207,7 @@ int check_group_names(struct tools_ctx *tctx,
return ENOMEM;
}
+ ret = EOK;
for (i=0; grouplist[i]; ++i) {
ret = sysdb_getgrnam_sync(tctx,
tctx->ev,
--
1.6.5.2
From af7a449b0b25075f1616d5ff27493f18e0a637b5 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Tue, 8 Dec 2009 11:14:21 -0500
Subject: [PATCH 3/4] Fix potential uninitialized value errors in nsssrv_cmd.c
---
server/responder/nss/nsssrv_cmd.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
index 88240a3..ce59271 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -1481,7 +1481,8 @@ static int fill_grent(struct sss_packet *packet,
size_t delim;
size_t dom_len;
size_t pwlen;
- int i, j;
+ int i = 0;
+ int j = 0;
int ret, num, memnum;
size_t rzero, rsize;
bool add_domain = dom->fqnames;
--
1.6.5.2
From 193f9b70432489bb04b3818d2a47079ce0bf240b Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Tue, 8 Dec 2009 11:16:11 -0500
Subject: [PATCH 4/4] Fix potential uninitialized value error in responder_dp.c
If we fell into the default case of the switch statement, we would
attempt to talloc_free() a random memory location. This patch
guarantees that sdp_req is NULL if it has not been initialized.
---
server/responder/common/responder_dp.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/server/responder/common/responder_dp.c b/server/responder/common/responder_dp.c
index 03e83ec..1fe1d95 100644
--- a/server/responder/common/responder_dp.c
+++ b/server/responder/common/responder_dp.c
@@ -254,7 +254,7 @@ int sss_dp_send_acct_req(struct resp_ctx *rctx, TALLOC_CTX *callback_memctx,
hash_value_t value;
TALLOC_CTX *tmp_ctx;
struct timeval tv;
- struct sss_dp_req *sdp_req;
+ struct sss_dp_req *sdp_req = NULL;
struct sss_dp_callback *cb;
/* either, or, not both */
--
1.6.5.2
0001-Add-allocation-error-check.patch.sig
Description: PGP signature
0002-Avoid-returning-uninitialized-result.patch.sig
Description: PGP signature
0003-Fix-potential-uninitialized-value-errors-in-nsssrv_c.patch.sig
Description: PGP signature
0004-Fix-potential-uninitialized-value-error-in-responder.patch.sig
Description: PGP signature
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
